{"id":23066940,"url":"https://github.com/dvsa/cognito-migration-lambda","last_synced_at":"2025-08-15T11:33:44.418Z","repository":{"id":40369247,"uuid":"390754672","full_name":"dvsa/cognito-migration-lambda","owner":"dvsa","description":"Lambda which is executed when a login request fails on Cognito due to a non-existent user.","archived":false,"fork":false,"pushed_at":"2024-09-07T08:01:07.000Z","size":1012,"stargazers_count":1,"open_issues_count":4,"forks_count":1,"subscribers_count":13,"default_branch":"main","last_synced_at":"2024-09-07T09:21:59.192Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dvsa.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-07-29T14:40:14.000Z","updated_at":"2024-01-03T09:20:51.000Z","dependencies_parsed_at":"2024-09-07T09:21:20.120Z","dependency_job_id":"03354b0e-46fc-419a-b43b-9cee579605cb","html_url":"https://github.com/dvsa/cognito-migration-lambda","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":"dvsa/dvsa-lambda-starter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dvsa%2Fcognito-migration-lambda","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dvsa%2Fcognito-migration-lambda/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dvsa%2Fcognito-migration-lambda/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dvsa%2Fcognito-migratio
n-lambda/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dvsa","download_url":"https://codeload.github.com/dvsa/cognito-migration-lambda/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":229910956,"owners_count":18143229,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-16T05:15:38.808Z","updated_at":"2024-12-16T05:15:39.278Z","avatar_url":"https://github.com/dvsa.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# cognito-user-migration-lambda\n\nA Lambda to be invoked by AWS Cognito, to migrate users from an LDAP source.\n\nCan handle both `UserMigration_Authentication` and `UserMigration_ForgotPassword` events from AWS Cognito as referenced in https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-migrate-user.html\n\n## Configuration\n\nConfigure the Lambda using **environment variables**:\n\n### LDAP_URL\n\nA valid LDAP URL (proto/host/port only).\n\n#### Example\n```text\nldap://example.net:389\n```\n\n### LDAP_OPERATION_TIMEOUT\n\nTimeout for LDAP operations in milliseconds (default: 5000)\n\n#### Example\n```text\n10000\n```\n\n### LDAP_ADMIN_DN\n\nThe FQDN for the admin user to search and obtain user objects.\n\n#### Example\n```text\ncn=admin,dc=localdev,dc=dvsa\n```\n\n### SECRETS_MANAGER_NAME\n\nThe \"Secret name\" as defined in **AWS Secrets Manager**\n\n#### Example\n```text\nmy-secret-stash\n```\n\n### SECRETS_MANAGER_KEY_LDAP_ADMIN_PASSWORD\n\nThe key which exists in the secret 
retrieved from **AWS Secrets Manager**\n\nThe key should have a value which is the password/credential used to authenticate the ADMIN user.\n\n#### Example\n```text\nLDAP_ADMIN_PASSWORD\n```\n\n#### Pro Tip\n\nThe value used in this environment variable can also be defined as another environment variable. If it is defined, the application uses the value of that environment variable instead of querying **AWS Secrets Manager**. \n\nThis is useful, for example, for local development. Using the example above, if we define an environment variable `LDAP_ADMIN_PASSWORD`, its value is used instead of the value from **AWS Secrets Manager**.\n\n_This functionality is provided by https://github.com/dvsa/dvsa-secrets-manager/._ \n\n### LDAP_USER_SEARCH_BASE\n\nThe LDAP base DN under which to search for the user.\n\n#### Example\n```text\ndc=example,dc=com\n```\n\n### LDAP_USERNAME_ATTRIBUTE\n\nThe LDAP search equality attribute name corresponding to the user's username. LDAP_USER_BASE is appended when searching and authenticating.\n\n#### Example\n```text\ncn\n```\n\n### LDAP_OBJECT_FILTER_MAP\n\nJSON string containing a filter map transforming the object from LDAP to Cognito user attributes:\n\n**Key:** LDAP entry field  =\u003e  **Value:** Cognito user attribute field\n\nAttributes not defined are ignored and not given to Cognito.\n\n#### Example\n```json\n{\n  \"mail\": \"email\",\n  \"cn\": \"username\"\n}\n```\n\n## Requirements\n\n- node v18.*\n- [SAM CLI](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-install.html)\n\n\n## Build\n\n- `npm i`\n- `npm run build:dev`\n\n## Watch\n\nTo watch for changes and automatically trigger a new build:\n- `npm run watch:dev`\n\n\n## Run Lambdas Locally\n\n- Ensure you have an LDAP instance running (`docker-compose up`)\n- Build the files first\n- Set environment variables in `env.json` (see `env.example.json` for an example)\n- To run CloudWatch Event lambdas:\n  ```\n  npm run 
invoke -- --env-vars env.json -e ./event/userMigrationAuthenticationTriggerEvent.event.json\n  ```\n\n## Tests\n\n- The [Jest](https://jestjs.io/) framework is used to run tests and collect code coverage\n- To run the tests, run the following command within the root directory of the project: `npm test`\n- Coverage results will be displayed on terminal and stored in the `coverage` directory\n    - The coverage requirements can be set in `jest.config.js`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdvsa%2Fcognito-migration-lambda","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdvsa%2Fcognito-migration-lambda","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdvsa%2Fcognito-migration-lambda/lists"}